mirror of
https://github.com/golang/go
synced 2024-11-26 17:56:55 -07:00
doc: more additions to go1.8.html
Adds crypto/tls, crypto/x509, math/big, mime. TBR=See https://golang.org/cl/33244 Updates #17929 Change-Id: I3fa3739e56f8c005e2a43c19f525cc5e2d981935 Reviewed-on: https://go-review.googlesource.com/33666 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
This commit is contained in:
parent
268bc396c1
commit
0004724822
156
doc/go1.8.html
156
doc/go1.8.html
@ -541,6 +541,122 @@ in mind.
|
||||
</dd>
|
||||
</dl>
|
||||
|
||||
<dl id="crypto_tls"><dt><a href="/pkg/crypto/tls/">crypto/tls</a></dt>
|
||||
<dd>
|
||||
<p> <!-- CL 25159, CL 31318 -->
|
||||
The new method
|
||||
<a href="/pkg/crypto/tls/#Conn.CloseWrite"><code>Conn.CloseWrite</code></a>
|
||||
allows TLS connections to be half closed.
|
||||
</p>
|
||||
|
||||
<p> <!-- CL 28075 -->
|
||||
The new method
|
||||
<a href="/pkg/crypto/tls/#Config.Clone"><code>Config.Clone</code></a>
|
||||
clones a TLS configuration.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
<!-- CL 30790 -->
|
||||
The new <a href="/pkg/crypto/tls/#Config.GetConfigForClient"><code>Config.GetConfigForClient</code></a> (TODO: make link work)
|
||||
callback allows selecting a configuration for a client dynamically, based
|
||||
on the client's
|
||||
<a href="/pkg/crypto/tls/#ClientHelloInfo"><code>ClientHelloInfo</code></a>.
|
||||
|
||||
<!-- CL 31391, CL 32119 -->
|
||||
The <a href="/pkg/crypto/tls/#ClientHelloInfo"><code>ClientHelloInfo</code></a>
|
||||
struct now has new
|
||||
fields <code>Conn</code>, <code>SignatureSchemes</code> (using
|
||||
the new
|
||||
type <a href="/kg/crypto/tls/#SignatureScheme"><code>SignatureScheme</code></a>),
|
||||
<code>SupportedProtos</code>, and <code>SupportedVersions</code>.
|
||||
</p>
|
||||
|
||||
<p> <!-- CL 32115 -->
|
||||
The new <a href="/pkg/crypto/tls/#Config.GetClientCertificate"><code>Config.GetClientCertificate</code></a> (TODO: make link work)
|
||||
callback allows selecting a client certificate based on the server's
|
||||
TLS <code>CertificateRequest</code> message, represented by the new
|
||||
<a href="/pkg/crypto/tls/#CertificateRequestInfo"><code>CertificateRequestInfo</code></a>.
|
||||
</p>
|
||||
|
||||
<p> <!-- CL 27434 -->
|
||||
The new
|
||||
<a href="/pkg/crypto/tls/#Config.KeyLogWriter"><code>Config.KeyLogWriter</code></a>
|
||||
(TODO: make link work) allows debugging TLS connections
|
||||
in <a href="https://www.wireshark.org/">WireShark</a> and
|
||||
similar tools.
|
||||
</p>
|
||||
|
||||
<p> <!-- CL 32115 -->
|
||||
The new
|
||||
<a href="/pkg/crypto/tls/#Config.VerifyPeerCertificate"><code>Config.VerifyPeerCertificate</code></a>
|
||||
(TODO: make link work)
|
||||
callback allows additional validation of a peer's presented certificate.
|
||||
</p>
|
||||
|
||||
<p> <!-- CL 18130 -->
|
||||
The <code>crypto/tls</code> package now implements basic
|
||||
countermeasures against CBC padding oracles. There should be
|
||||
no explicit secret-dependent timings, but it does not attempt to
|
||||
normalize memory accesses to prevent cache timing leaks.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
The <code>crypto/tls</code> package now supports
|
||||
X25519 and <!-- CL 30824, CL 30825 -->
|
||||
ChaCha20-Poly1305. <!-- CL 30957, CL 30958 -->
|
||||
ChaCha20-Poly1305 is now prioritized unless <!-- CL 32871 -->
|
||||
AES-GCM when hardware support is present.
|
||||
</p>
|
||||
|
||||
<p> <!-- CL 27315 -->
|
||||
AES-128-CBC cipher suites with SHA-256 are also
|
||||
now supported.
|
||||
</p>
|
||||
|
||||
</dd>
|
||||
</dl>
|
||||
|
||||
<dl id="crypto_x509"><dt><a href="/pkg/crypto/x509/">crypto/x509</a></dt>
|
||||
<dd>
|
||||
<p> <!-- CL 30578 -->
|
||||
<a href="/pkg/crypto/x509/#SystemCertPool"><code>SystemCertPool</code></a>
|
||||
is now implemented on Windows.
|
||||
</p>
|
||||
|
||||
<p> <!-- CL 24743 -->
|
||||
PSS signatures are now supported.
|
||||
</p>
|
||||
|
||||
<p> <!-- CL 32644 -->
|
||||
<a href="/pkg/crypto/x509/#UnknownAuthorityError"><code>UnknownAuthorityError</code></a>
|
||||
now has a <code>Cert</code> field, reporting the untrusted
|
||||
certificate.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
Certificate validation is more permissive in a few cases and
|
||||
stricter in a few other cases.
|
||||
<!--
|
||||
crypto/x509: allow a leaf certificate to be specified directly as root (CL 27393)
|
||||
crypto/x509: check that the issuer name matches the issuer's subject name (CL 23571)
|
||||
crypto/x509: don't accept a root that already appears in a chain. (CL 32121)
|
||||
crypto/x509: fix name constraints handling (CL 30155)
|
||||
crypto/x509: parse all names in an RDN (CL 30810)
|
||||
crypto/x509: recognise ISO OID for RSA+SHA1 (CL 27394)
|
||||
crypto/x509: require a NULL parameters for RSA public keys (CL 16166, CL 27312)
|
||||
crypto/x509: return error for missing SerialNumber (CL 27238)
|
||||
-->
|
||||
</p>
|
||||
|
||||
<p><!-- CL 30375 -->
|
||||
Root certificates will now also be looked for
|
||||
at <code>/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem</code>
|
||||
on Linux, to support RHEL and CentOS.
|
||||
</p>
|
||||
|
||||
</dd>
|
||||
</dl>
|
||||
|
||||
<dl id="database_sql"><dt><a href="/pkg/database/sql/">database/sql</a></dt>
|
||||
<dd>
|
||||
<p>
|
||||
@ -725,6 +841,29 @@ pkg debug/pe, type StringTable []uint8</pre>
|
||||
</dd>
|
||||
</dl>
|
||||
|
||||
<dl id="math_big"><dt><a href="/pkg/math/big/">math/big</a></dt>
|
||||
<dd>
|
||||
<p><!-- CL 30706 -->
|
||||
The new method
|
||||
<a href="/pkg/math/big/#Int.Sqrt"><code>Int.Sqrt</code></a>
|
||||
calculates ⌊√x⌋.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
The new method
|
||||
<a href="/pkg/math/big/#Float.Scan"><code>Float.Scan</code></a>
|
||||
is a support routine for
|
||||
<a href="/pkg/fmt/#Scanner"><code>fmt.Scanner</code></a>.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
<a href="/pkg/math/big/#Int.ModInverse"><code>Int.ModInverse</code></a>
|
||||
now supports negative numbers.
|
||||
</p>
|
||||
|
||||
</dd>
|
||||
</dl>
|
||||
|
||||
<dl id="math_rand"><dt><a href="/pkg/math/rand/">math/rand</a></dt>
|
||||
<dd>
|
||||
|
||||
@ -742,6 +881,23 @@ pkg debug/pe, type StringTable []uint8</pre>
|
||||
</dd>
|
||||
</dl>
|
||||
|
||||
<dl id="mime"><dt><a href="/pkg/mime/">mime</a></dt>
|
||||
<dd>
|
||||
<p> <!-- CL 32175 -->
|
||||
<a href="/pkg/mime/#ParseMediaType"><code>ParseMediaType</code></a>
|
||||
now preserves unnecessary backslash escapes as literals,
|
||||
in order to support MSIE.
|
||||
When MSIE sends a full file path (in "intranet mode"), it does not
|
||||
escape backslashes: <code>"C:\dev\go\foo.txt"</code>, not
|
||||
<code>"C:\\dev\\go\\foo.txt"</code>.
|
||||
If we see an unnecessary backslash escape, we now assume it is from MSIE
|
||||
and intended as a literal backslash.
|
||||
No known MIME generators emit unnecessary backslash escapes
|
||||
for simple token characters like numbers and letters.
|
||||
</p>
|
||||
</dd>
|
||||
</dl>
|
||||
|
||||
<dl id="mime_quotedprintable"><dt><a href="/pkg/mime/quotedprintable/">mime/quotedprintable</a></dt>
|
||||
<dd>
|
||||
|
||||
|
@ -91,40 +91,6 @@ cmd/vet: skip printf check for non-constant format string during failed import (
|
||||
|
||||
crypto/cipher: enforce message size limits for GCM (CL 28410)
|
||||
|
||||
crypto/tls: add CloseWrite method to Conn (CL 25159, 31318)
|
||||
crypto/tls: add Config.Clone (CL 28075)
|
||||
crypto/tls: add Config.GetConfigForClient (CL 30790)
|
||||
crypto/tls: add GetClientCertificate callback (CL 32115)
|
||||
crypto/tls: add KeyLogWriter for debugging (CL 27434)
|
||||
crypto/tls: add VerifyPeerCertificate to tls.Config (CL 26654)
|
||||
crypto/tls: add a SignatureScheme type. (CL 32119)
|
||||
crypto/tls: don't generate random ticket keys if already set (CL 27317)
|
||||
crypto/tls: enable ChaCha20-Poly1305 cipher suites by default. (CL 30958)
|
||||
crypto/tls: expand ClientHelloInfo (CL 31391)
|
||||
crypto/tls: fix deadlock when racing to complete handshake (CL 29164)
|
||||
crypto/tls: flush the buffer on handshake errors (CL 28818)
|
||||
crypto/tls: implement countermeasures against CBC padding oracles (CL 18130)
|
||||
crypto/tls: set Conn.ConnectionState.ServerName unconditionally (CL 22862)
|
||||
crypto/tls: support AES-128-CBC cipher suites with SHA-256 (CL 27315)
|
||||
crypto/tls: support ChaCha20-Poly1305. (CL 30957)
|
||||
crypto/tls: support X25519 (CL 30824, CL 30825)
|
||||
crypto/{tls,cipher,internal/cryptohw}: prioritise AES-GCM when hardware support is present. (CL 32871)
|
||||
|
||||
crypto/x509: Fix bug in UnknownAuthorityError.Error (CL 27992)
|
||||
crypto/x509: allow a leaf certificate to be specified directly as root (CL 27393)
|
||||
crypto/x509: check that the issuer name matches the issuer's subject name (CL 23571)
|
||||
crypto/x509: don't accept a root that already appears in a chain. (CL 32121)
|
||||
crypto/x509: expose UnknownAuthorityError.Cert (CL 32644)
|
||||
crypto/x509: fix name constraints handling (CL 30155)
|
||||
crypto/x509: implement SystemCertPool on Windows (CL 30578)
|
||||
crypto/x509: parse all names in an RDN (CL 30810)
|
||||
crypto/x509: recognise ISO OID for RSA+SHA1 (CL 27394)
|
||||
crypto/x509: require a NULL parameters for RSA public keys (CL 16166)
|
||||
crypto/x509: require a NULL parameters for RSA public keys (CL 27312)
|
||||
crypto/x509: return error for missing SerialNumber (CL 27238)
|
||||
crypto/x509: support PSS signatures (CL 24743)
|
||||
crypto/x509: support RHEL 7 cert bundle (CL 30375)
|
||||
|
||||
encoding/asn1: return error for unexported fields in Marshal, Unmarshal (CL 31540)
|
||||
|
||||
encoding/xml: add wildcard support for collecting all attributes (CL 30946)
|
||||
@ -148,12 +114,6 @@ html/template: check "type" attribute in <script> (CL 14336)
|
||||
|
||||
internal/trace: fix analysis of EvGoWaiting/EvGoInSyscall events (CL 25572)
|
||||
|
||||
math/big: add (*Int).Sqrt (CL 30706)
|
||||
math/big: implement Float.Scan, type assert fmt interfaces to enforce docs (CL 30723)
|
||||
math/big: support negative numbers in ModInverse (CL 29299)
|
||||
|
||||
mime: preserve unnecessary backslash escapes as literals (CL 32175)
|
||||
|
||||
net/http/httptest: fill ContentLength in recorded Response (CL 28302)
|
||||
net/http/httptrace: add ClientTrace.TLSHandshakeStart & TLSHandshakeDone (CL 30359)
|
||||
net/http/httputil: add ModifyResponse to reverseProxy (CL 32356)
|
||||
@ -402,6 +362,36 @@ compress/flate: make compression level 0 consistent (CL 31174)
|
||||
compress/flate: tighten the BestSpeed max match offset bound. (CL 32149)
|
||||
compress/gzip: only encode MTIME if it is valid (CL 32325)
|
||||
context: make DeadlineExceeded implement net.Error (CL 30370)
|
||||
crypto/tls: add CloseWrite method to Conn (CL 25159, 31318)
|
||||
crypto/tls: add Config.Clone (CL 28075)
|
||||
crypto/tls: add Config.GetConfigForClient (CL 30790)
|
||||
crypto/tls: add GetClientCertificate callback (CL 32115)
|
||||
crypto/tls: add KeyLogWriter for debugging (CL 27434)
|
||||
crypto/tls: add VerifyPeerCertificate to tls.Config (CL 26654)
|
||||
crypto/tls: add a SignatureScheme type. (CL 32119)
|
||||
crypto/tls: don't generate random ticket keys if already set (CL 27317)
|
||||
crypto/tls: enable ChaCha20-Poly1305 cipher suites by default. (CL 30958)
|
||||
crypto/tls: expand ClientHelloInfo (CL 31391)
|
||||
crypto/tls: fix deadlock when racing to complete handshake (CL 29164)
|
||||
crypto/tls: flush the buffer on handshake errors (CL 28818)
|
||||
crypto/tls: implement countermeasures against CBC padding oracles (CL 18130)
|
||||
crypto/tls: set Conn.ConnectionState.ServerName unconditionally (CL 22862)
|
||||
crypto/tls: support AES-128-CBC cipher suites with SHA-256 (CL 27315)
|
||||
crypto/tls: support ChaCha20-Poly1305. (CL 30957)
|
||||
crypto/tls: support X25519 (CL 30824, CL 30825)
|
||||
crypto/{tls,cipher,internal/cryptohw}: prioritise AES-GCM when hardware support is present. (CL 32871)
|
||||
crypto/x509: support PSS signatures (CL 24743)
|
||||
crypto/x509: implement SystemCertPool on Windows (CL 30578)
|
||||
crypto/x509: expose UnknownAuthorityError.Cert (CL 32644)
|
||||
crypto/x509: allow a leaf certificate to be specified directly as root (CL 27393)
|
||||
crypto/x509: check that the issuer name matches the issuer's subject name (CL 23571)
|
||||
crypto/x509: don't accept a root that already appears in a chain. (CL 32121)
|
||||
crypto/x509: fix name constraints handling (CL 30155)
|
||||
crypto/x509: parse all names in an RDN (CL 30810)
|
||||
crypto/x509: recognise ISO OID for RSA+SHA1 (CL 27394)
|
||||
crypto/x509: require a NULL parameters for RSA public keys (CL 16166, CL 27312)
|
||||
crypto/x509: return error for missing SerialNumber (CL 27238)
|
||||
crypto/x509: support RHEL 7 cert bundle (CL 30375)
|
||||
database/sql: accept nil pointers to Valuers implemented on value receivers (CL 31259)
|
||||
database/sql: add Pinger interface to driver Conn (CL 32136)
|
||||
database/sql: add context helper methods and transaction types (CL 31258)
|
||||
@ -425,7 +415,11 @@ image/png: implement grayscale transparency. (CL 32143)
|
||||
image/png: implement truecolor transparency. (CL 32140)
|
||||
image/png: improve compression by skipping filter for paletted images (CL 29872)
|
||||
lib/time: update tzdata to 2016i (CL 33029)
|
||||
math/big: add (*Int).Sqrt (CL 30706)
|
||||
math/big: implement Float.Scan, type assert fmt interfaces to enforce docs (CL 30723)
|
||||
math/big: support negative numbers in ModInverse (CL 29299)
|
||||
math/rand: add Rand.Uint64 (CL 27253)
|
||||
mime: preserve unnecessary backslash escapes as literals (CL 32175)
|
||||
mime/quotedprintable: accept = not followed by 2 hex digits as literal equals (CL 32174)
|
||||
mime/quotedprintable: accept trailing soft line-break at the end of message (CL 27530)
|
||||
net/http, net/http/httptest: make http2's TrailerPrefix work for http1 (CL 32479)
|
||||
|
Loading…
Reference in New Issue
Block a user